14602 matches found
WooCommerce - Store Exporter < 2.7.2.1 - Reflected XSS
Description The plugin does not sanitise and escape the filter parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition
Description The plugin is affected by a race condition, allowing unauthenticated users to vote multiple times on a poll even when it's configured to only allow one vote per person...
User Avatar < 1.4.12 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Webpushr < 4.35.0 - LFI via CSRF
Description The plugin does not have CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...
Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a form and navigate to...
WP Not Login Hide <= 1.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Visit the "WPNLH" interface...
Advanced Page Visit Counter < 8.0.1 - Contributor+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by Contributor and above users...
Qi Addons For Elementor < 1.6.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Google My Business Auto Publish < 3.8 - Multiple CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete transients and update post metadata via CSRF attacks...
WP Event Manager < 3.1.43 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Contact Forms by Cimatti < 1.6.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Popup Box Categories" 2...
Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new Popup 2. In the...
Church Admin < 3.8.0 - Server-Side Request Forgery (SSRF)
Description Server-Side Request Forgery SSRF vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56...
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept...
Simply Excerpts <= 1.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC Put the following...
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. PoC 1. Visit WP Fastest Cache Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit"...
Profile Builder < 3.10.4 - Plugins Activation/Deactivation CSRF
Description The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...
eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF
Description The plugin does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products PoC Make a logged in admin open the URL below...
Word Balloon < 4.20.3 - Avatar Removal via CSRF
Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. PoC Make a logged in admin open https://example.com/wp-admin/options-general.php?page=word-balloon=delet...
Stop Referrer Spam < 1.3.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
PowerPress Podcasting < 11.0.7 - Contributor+ SSRF
Description The plugin does not validate a parameter before making a request to it via the powerpressmediainfo AJAX action, which could allow Contributor and above role to perform SSRF attacks...
Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF
Description The plugin does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks PoC Make a logged in admin open an HTML page with the form below Deletion This will delete the...
Advanced iFrame < 2023.9 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php PoC 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...
Autolinks Manager < 1.10.05 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG file with malicious JavaScript: Access the file through its URL to see XSS...
AMP+ Plus <= 3.0 - Reflected Cross Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/?p=1=%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29%3C%2FsCrIpT%3E...
Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
Description The plugin is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. PoC 1 Go to main dashboard of plugin...
BSK Contact Form 7 Blacklist <= 1.0.1 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape the insertedcount parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...
Enhanced Admin < 1.17 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Mobile Banner < 1.6 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ShiftController Employee Shift Scheduling < 4.9.24 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload
Description The plugin does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server PoC Setup As admin: - Go the the...
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
Description The plugin unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
TS Webfonts for さくらのレンタルサーバ < 3.1.3 - Font Settings Change via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Apollo13 Framework Extensions < 1.9.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Email Templates < 1.4.3 - Email Sending via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the sendtestemail function. This makes it possible for unauthenticated attackers to send test emails via a forged request granted the...
TPG Redirect < 1.0.8 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Simple Giveaways < 2.46.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
TS Webfonts for さくらのレンタルサーバ < 3.1.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks, for example on multisite instances...
Welcart e-Commerce < 2.9.5 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below:...
EventON < 2.2 - Admin + Stored HTML Injection
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to the Virtual Event - This is a virtual online event. 2...
WP Reactions Lite < 1.3.9 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Simple Site Verify < 1.0.8 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Add to Calendar Button < 1.5.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Basic Interactive World Map < 2.7 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
IdeaPush < 8.53 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Medialist < 1.4.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
UpdraftPlus: WordPress Backup & Migration < 1.23.11 - Google Drive Storage Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage...